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I Abstract Recently, alternating transition systems are adopted to describe 

CJ ' control systems with disturbances and their finite abstract systems. In order to 

^ I capture the equivalence relation between these systems, a notion of alternating 

' approximate bisimilarity is introduced. This paper aims to establish a modal 

Q>^ I characterization for alternating approximate bisimilarity. Moreover, based on 
this result, we provide a link between specifications satisfied by the samples 
of control systems with disturbances and their finite abstractions. 
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1 Introduction 



The notion of bisimilarity is one of the central concepts in process algebra. 
Roughly speaking, two states are bisimilar if and only if they can perform 
lO ' same actions to reach bisimilar states. In general, two bisimilar processes are 

' always considered to be identical. In recent years, the notion of bisimilarity has 
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been adopted in the area of control theory to capture the equivalence between 
control systems and their finite abstraction [2H] [IS] [SO] ■ 

However, when the states or actions of labeled transition systems are as- 
sociated with quantitative data, the notion of bisimilarity seems not be very 
suitable for describing the equivalence in such situation. For example, in real 
time systems, there is often a little difference between time delays. If we use 
the usual notion of bisimilarity (for instance, timed bisimilarity |22) |31|) to 
capture the equivalence of states in such systems, time delays can match only 
if they are identical. Such exact matching may be unrealistic. On the other 
hand, in control theory, it has been pointed out that the notion of bisimilarity 
is so rigorous that it is often hard to construct finite abstractions which are 
bisimilar to the given control systems [l4] [ 24 ] . 

To overcome these defects, a number of theories are provided to describe 
approximate behavioral equivalence [S][B][7][in][n][I2[IS][15][lS][32]-In these 
work, two different approaches have been adopted. 

One approach is to introduce notions of approximate bisimilarity. In such 
category, Giacalone et al. are probably first to present the notion of approx- 
imate bisimilarity, and provide e-bisimilarity for probabilistic transition sys- 
tems TB]. In the framework of metric labeled transition systems, Ying provides 
the notion of A-bisimilarity 32 . This notion has been adopted to describe the 
equivalence between processes in time-CCS and time-CSP 132) . the equivalence 
and reliability of processes in pi-calculus with noise |33] . and the equivalence 
between quantum processes in qCCS |34j . 

In recent years, some notions of approximate bisimilarity are introduced in 
control theory. In the framework of LTS with observations and metrics over 
observations, Girard and Pappas introduce ^-approximate bisimilarity |15) . 
Pola and Tabuada adopt this notion to capture the equivalence between con- 
trol systems without disturbances and their finite abstractions [23]. They also 
provide the notion of alternating approximate bisimilarity in alternating tran- 
sition systems to describe approximate equivalence between control systems 
with disturbances and their finite abstractions |25) |26j . The notions of approx- 
imate bisimilarity play an important role in the analysis and design of control 
systems (for example, see [5]|16j [ ?7 ] ). Girard and Pappas give an overview 
about the related work and point out that the notions of approximate bisimi- 
larity provide a bridge between control theory and computer science [T7] . 

Another approach is based on distance functions over processes (or states, 
systems). For a variety of transition systems, distance functions have been in- 
troduced via distinct approaches (e.g., modal logic, fixed point, and coalgebra). 
For example, for probabilistic transition systems, Desharnais et al. [in][II] and 
Breugel et al. [6] [T] adopt these methods to define metrics over processes and 
establish the relationship between these metrics. Recently, Zhou and Ying de- 
fine a metric over probabilistic transition systems in terms of so-called "small- 
est" logical formula that distinguishes them [35]. For labeled transition sys- 
tems accompanied with metric, van Breugel provides pseudometrics over states 
through these three methods and shows that these pseudometrics coincide [S] . 



A Modal Characterization of Alternating Approximate Bisimilarity 



3 



To describe the equivalence between metric transition systems, de Alfaro et 
al. introduce linear distances and branching distances [S]. 

The relationship between these two approaches has been explored in the 
literature. For example, Giacalone et al. introduce a pseudometric over proba- 
bilistic transition systems in terms of e-bisimilarity [13] . Van Breugel presents 
a conjecture which concerns the relationship between his behavioural pseu- 
dometric and Ying's A-bisimilarity [5]. Recently, a negative answer to this 
conjecture is given |36| . In the framework of LTS with observations, Girard 
and Pappas characterize the branching distance in terms of (5-approximate 
bisimulation with the assumption that the discount factor a = 1 [15^. This 
result has been generalized to general case and the branching distance with 
arbitrary discount factor is characterized in terms of (77, a)-bisimilarity |37) . 

As well known, bisimilarity can be characterized as a fixed point |23) . via 
a modal logic [TB] and by way of coalgebra [T]. A modal characterization of 
bisimilarity is provided by Hennessy and Milner |18) . They demonstrate that, 
in the framework of LTS, bisimilarity coincides with logical equivalence w.r.t 
Hennessy-Milner logic (HML, for short), that is, two states in LTS are bisim- 
ilar if and only if they satisfy the same formulae of HML. Inspired by this 
result, different modal characterizations are established for a lot of varieties of 
bisimilarity in the above style. For instance, Alur et al. characterize alternating 
bisimilarity in terms of alternating-time temporal logic (ATL, for short) [3]. 
Ying provides a logical characterization of A-bisimilarity with the assumption 
that the metric is ultra-metric or A = 0. However, without such assumption, 
A-bisimilarity can not be characterized in the style of Hennessy-Milner theo- 
rem. Its logical characterization associated with arbitrary metric is established 
in a new style PJJ. 

The logical characterizations of bisimilarity play important roles in the 
formal analysis and design of control systems. They guarantee that control 
systems share the same logical properties with their finite abstractions which 
are bisimilar to these control systems. In such situation, the analysis and design 
of control systems can be equivalently performed on their finite abstraction, 
which considerably reduces the complexity of the analysis and design of control 
systems gUS^. 

This paper aims to establish a logical characterization of alternating ap- 
proximate bisimilarity. Furthermore, based on this result, for control systems 
with disturbances mentioned in |26) . we illustrate a relationship between lin- 
ear temporal logical specifications satisfied by their samples under control and 
by their finite abstractions under control, respectively. Roughly speaking, this 
paper demonstrates that if the sample of a control system with disturbances 
and its finite abstraction are alternating approximate bisimilar and the latter 
satisfies a specification under control, then the former may satisfy a "looser" 
specification under control. In particular, the transformation from a given 
specification to a looser one is provided. 

The rest of this paper is organized as follows. We recall related definitions 
and results in Section [21 In Section [31 we provide a variety of ATL and two re- 
lations between the formulas of this logical language, which play central roles 
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in this paper. Section 2] establishes a modal characterization of alternating 
approximate bisimilarity. In Section [SJ we illustrate a relationship between 
temporal logical specifications satisfied by the samples of control systems with 
disturbances and by their finite abstractions under control. Finally, we con- 
clude the paper in Section [HI 

2 Preliminaries 

This section will recall some notions and results about alternating transition 
systems, alternating bisimilarity and alternating approximate bisimilarity from 

mm- 

Before doing so, we introduce some useful notations. The symbol N, R, M+ 
and M^J. denote the set of positive integers, reals, positive reals and nonnegative 
reals, respectively. For any set A, represents the set of all non-empty finite 
strings over A, and ^4" denotes the set of infinite strings over A. We use sa 
and a A to denote the elements of A'^ and A'^ , respectively. If A is known from 
the context, we will omit the subscripts in sa and a a - For any s G s[i] and 
s[end] mean the i-th element and the last element of s, respectively. Given i < 
i, s[i,j], s[i, end] and a[i, oo] represent s[z]s[z -I- 1] • • • s[j], s[i]s[i -I- I] • • • s[en(i] 
and cr[i](T[i + 1] • • • , respectively. As usual, \s\ means the length of s. 

2.1 Alternating transition systems 

Definition 1 An alternating transition system is a 5-tuple {S,F, f2, II,h), 
where 

• S' is a set of states; 

• P is a set of observations; 

• i7 is a finite set of agents; 

• 7T : 5 P is an observation function; 

• h : S X SI 2^ is a function satisfying that for any state q G S, ii each 
agent i G Q chooses a set Si G h{q, i), then the set Hiei? '^i ^ singleton. The 
function h is often said to be transition function. 

If y h{q, i) is finite for each q G S and i G SI, then we say {S, P, SI, 77, h) is 
finite branching. If both the state set S and the observation set P are finite, 
then [S, P, S2, 11, K) is said to be a finite alternating transition system. 

Intuitively, for each state q, an agent i can choose a set Si G h{q, i) such 
that the state reached from q must belong to Si. According to the above 
definition, it is clear that the successor state of state q is determined when all 
agents make choices. 

Definition 2 Let T = {S, ¥, SI, U, K) be an alternating transition system, 
i G SI and Ag G SI. A function fi : 5*+ 2^ is said to be a strategy of i iff 
fi{s) G h{s[end\,i) for any s G S^ . A function Faq : S^ — !• 2"^ is said to be a 
strategy of Ag iff there exist a family of strategies fi of « (i G Ag) such that 
FA}{s) = ^\^eAg for any s G S+ . 
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In the following, we set h{q, Ag) = {HigAg Si : Si & h{q, i) for each i e Ag} 
for each state q and agent set Ag. The conclusion below is simple but useful. 

Lemma 1 Let T = {S, P, J7, 77, K) he an alternating transition system and 
Ag C n. The function FAg '■ S^ 2^ is a strategy of Ag if and only if 
FAg{s) € h{s[end], Ag) for any s G 5*+. 

Proof (From Left to Right) Immediately follows from Definition [2] and the 
definition of h. 

(From Right to Left) Suppose that the function Faq : S^ — > 2"^ satisfies 
that FAg{s) S h{s[end],Ag) for any s E S^. To show that this function is a 
strategy of Ag, construct a family of strategies fi{i G Ag) as follows: 

Let s € S~^ . Since Fj^(s) S h(s[end], Ag), it follows from the definition 
of h{s[end], Ag) that there exist Qi G h{s[end],i) for each i G Ag such that 
FAg{s) = ClifzAg Qi- Then, fix these Qi's, and for each i G Ag, we set fi{s) = 

Clearly, by Definition [21 for each i G Ag, the function fi : 5+ — > 2'^ defined 
above is a strategy of i. On the other hand, it is easy to check that for any 
s G S^ , FAg{s) — PliGyig Therefore, it follows from Definition [2] that F/^ 
is a strategy of Ag. □ 

In general, the strategies are provided for some agents to enforce the out- 
comes of alternating transition systems to satisfy the given properties, such as 
reachability, safety and so on. Formally, the outcomes of alternating transition 
systems under strategies are defined below. 

Definition 3 Let T = {S, P, f2, 77, h) be an alternating transition system, 
q e S, Ag C f2 and let Fa, : 5*+ — > 2"^ be a strategy of Ag. For each n G N, 

Out^iq, FAg) ^ {s eS+ : s[l] = q, \s\ ^ n and 

Vz < n3Q G h{s[i], n - Ag){FAg{s[l,i]) n Q = {s[i + 1]})} 

and 

OutT{q, FAg) = {a gS"" : f7[l] = q and 

Vi G N3Q G h{<j[i\, n - Ag){FA,{a[l,t]) n Q = {(j[i + 1]})}. 

Intuitively, Fj^ is used to indicate a family of choices of agent set Ag, while 
OuVr^{q, FAg) and Outxiq, FAg) consist of finite and infinite traces starting from 
q in which each step subjects to such choices. We often omit the subscripts 
of OuiJ((7, FAg) and Outxiq, FAg) when the alternating transition system T is 
clear from the context. 

Lemma 2 For any n G N, the following conclusion holds: 

OutJ^+\q, Fa,) ={s G 5"'+^ : s[l,n] G Out^{q,FAg) and 

FAg{s[l, n]) DQ — {s[end]} for some Q G ?i(s[«], — Ag)}. 



Proof Immediately. 



□ 
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2.2 Alternating bisimilarity and alternating approximate bisimilarity 

To capture the behavioral equivalence between alternating transition systems 
associated with the same observation set and agent set, Alur et al. introduce 
the notion of alternating bisimilarity ■ 

Definition 4 |3] Let Ti = (S'i,P, f2, Ui, hi) be two alternating transition sys- 
tems {i = 1, 2) and Ag C i7. The binary relation R C Si x S2 is said to be an 
Ag-alternating bisimulation if and only if for any (91,92) G R, 

(1) 7Ti(gi) = 772(92); 

(2) VQi G Hi{qi,Ag)3Q2 G ft2(g2,Ag)VQ^ e h2{q2, n-Ag)3Q[ e ;ii(9i,/2- 
^5)(QinQi) X (Q2nQ^) ci?g; 

(3) VQ2 G fi2(92,^5)3Qi G hiiqi, Ag)\/Q[ e ^1(91, /?-Ag)3Q^ G h2iq2,S7' 
Ag){QinQ[) X (Q2nQ^) Ci?. 

For any 91 G S*! and 92 G S'2 , these two states are said to be ^^-alternating 
bisimilar, in symbols 91 r^j^ 92, if and only if there exists an ^^-alternating 
bisimulation R such that (91, 92) G R. In other words, ^Ag— {J{R G 5i x ^2 : 
R is an Ag- alternating bisimulation}. 

It is easy to check that is an equivalence relation and is the largest 
A(/-alternating bisimulation. We leave it to the interested readers. Alur et 
al. establish a modal characterization of alternating bisimilarity in terms of 
alternating-time temporal logic (for short, ATL) [3^. They show that two states 
are A(/-alternating bisimilar if and only if they satisfy the same Ag-ATL for- 
mulas, where Ag- ATL formulas are ATL-formulas in which all path quantifiers 
occurring are parameterized by Ag. 

Recently, alternating transition systems associated with metric over ob- 
servations are adopted as models of the samples of control systems with dis- 
turbances and their finite abstractions [25 26 . In these work, the notion of 
alternating approximate bisimilarity is used to capture approximate equiva- 
lence between systems. 

Definition 5 [26 Let Ti — {Si,¥, f2, Uijtii) be two alternating transition 
systems {i = 1,2) and Ag C Q. Suppose that d is a metric over P and e G 
MP^_. The binary relation i? C 5i x 5*2 is said to be an (^(7, e)-alternating 
approximate bisimulation if and only if for any (91,92) G R, 

(1) d(7Ti (91), 772(92)) <£; 

(2) VQi G h{qi,Ag)3Q2 G h2{q2, Ag)yQ'^ e h2{q2, n-Ag)3Q[ e hiiq^n^ 
Ag)iQinQ[) X (Q2nQ^) C7?; 

(3) VQ2 G h2{q2,Ag)3Qi e hi{qi,Ag)yQ[ e ^1(91, l2-Ag)3Q!, e ^2(92,^?- 
Ag){Qir\Q[) X (Q2nQ^) c R. 

Two states 91 e S'l and 92 G ^2 are said to be {Ag, £)-alternating approx- 
imate bisimilar, denoted by 91 ^Jj^ 92, if and only if there exists an (Ag^e)- 
alternating approximate bisimulation R Q Si x S2 such that (91,92) G 7?. 

^ By Definition[T] it is easy to see that both Qi fl Q'^ and Q2 fl ^''^ singleton. Therefore, 
(<9i n Qi) X (Q2 n Q'2) is single. 
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Ti and T2 are said to be (Ag^ £)-alternating approximate bisimilar, in sym- 
bols Ti T2, if and only if {qi € Si : qi 92 for some (72 & S2} — Si and 
{q2 € S2 : qi 92 for some qi G Si} = S'2. 

The following results reveal some simple properties of (^5, e)-alternating 
approximate bisimilarity. 

Lemma 3 (1) ^5k,=~ Ag o,nd is an equivalence relation; 

(2) for any £1,62 G if Si < 62 then ~5^C-^; 

(3) for any e £ M5|_, ^Jig the largest (Ag, e)- alternating approximate 
hisimulation. 

Proof (1) Since d is a metric, we have (i(7Ti(gi), i72(<Z2)) < if and only if 
Uiiqi) ~ n2{q2) for any states qi and (72- Thus it follows from Definition |4] 
and El that (1) holds. 

(2) Immediately follows from Definition [5] 

(3) Let e G Rl_. According to Definition [SJ it is not difficult to check that 
{Ag, £)-alternating approximate bisimulations are preserved under union. Thus 

is the largest {Ag, £)-alternating bisimulation. □ 

As usual, {Ag, £)-alternating approximate bisimilarity can be characterized 
in the forth-back style. Formally, we have 

Theorem 1 qi 52 */ md only if the following hold: 

(1) d{ni{qi),n2{q2))<e; 

(2) ^Qi e hi{qi,Ag)3Q2 € h2{q2, Ag)yQ'^ e h2{q2, f2-Ag)3Q[ e hi{qi,Q- 
Ag){{Qir^Q'i) X (Q2nQ^) C^^); 

(3) -iQ2 G h2{q2,Ag)3Qi G hi{qi, Ag)\iQ'^ G hi{qi, n-Ag)3Q'^ G ?i2fe,^2- 
Ag){{Qir^Q'i) X (Q2nQ^) <Z^%). 

Proof (From left to right) Follows from Definition [S] and (3) in Lemma [31 

(From right to left) Let R ^ {((71,92) : qi and (72 satisfy (1)-(3)}U ^Jj^. 
It is almost immediate to check that R is an {Ag, £)-alternating approximate 
bisimulation. So by (3) in Lemma |3l the conclusion holds. □ 

It should be pointed out that (Ag, £)-alternating approximate bisimilarity 
is not always transitive and then is not always an equivalence relation. An 
example is given below. 

Example 1 Consider the alternating transition system ({(?i, (72, 93}, {pi,P2,P3}, 
{1}, n, h), where n{qi) = p, and h{q„ 1) ^ {{qi}} for i=l,2, 3. Let Ag = {1}. 
Define a distance function d over {^1,^2,^3} as: for any Pi,Pj G {pi,p2,Pi} , 
d{pi,pj) = li— j|. Clearly, this function 0? is a metric. According to Definition[Sl 
it is not difficult to see that pi P2, P2 P3 and pi rf^\g pz- Thus is 
not an equivalence relation. 
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3 ATL^, i?^ and E%g 

In this and the next sections, we will establish a logical characterization of 

(v4g, e)-altcrnating approximate bisimilarity. To this end, a modal language is 
introduced below, which is obtained by adding the diamond operator (e) to 
ATL. 

Definition 6 Let e G M° , P a finite set of propositions and let i? be a set of 
agents. ATL^ (P, H) formulae are divided into: state formulas and path formu- 
las, which are defined inductively as: 

state formula (p ::= p\{£)p\^ip\(p A (p\{{Ag))(f), 

where p Ag C Q and </> is a path formula; 

path formula (I) ::= ip\^(f)\(f) A (p\X<p\<pU<p, 

where tp is a state formula. 

The operator (( )) is a path quantifier. Given Ag C J7, an ATL^ (P, i7) 
formula a is said to be an Ag- ATLs{F, fi) formula if and only if all path 
quantifiers occurring in a are parameterized by Ag. 

As usual, logical connective V can be defined in terms of -i and A. If P and 
Q are clear from the context, ATL^{F, fi) and Ag-ATLe(P, f2) are often abbre- 
viated to ATLe and A^-ATLg, respectively. Henceforth, we use 7, (^i, 71 • • • 
to denote state formulas and <p,tjj,(j)i,'tjji, - ■ ■ to denote path formulas. 

Definition 7 Let T = {S, P, f2, U, h) be an alternating transition system, d a 

metric over P and e G M.^ . The satisfaction relation (Hp) between the states 
(the infinite state sequence a & S'^ , respectively) of T and state formulas (path 
formulas, respectively) is inductively defined as: for any q G S and a G S", 

• {T,d),q\=spiSp = n{q) for any p e P; 
. {T,d),q K {e)P iSdip,n{q))<e; 

• (T, d),q \=s -'<f iff T,q\=s does not hold; 

• (T, d),q 1=,, (pi A (p2 iff {T, d),q 1=^ ipi and (T, d),q ip2\ 

• {T,d),q \=s {{Ag))(j) iff there exists a strategy Faq of Ag such that 
(T, d), a \=p 4> for any a e Out{q, FAg); 

• for any state formula ip, (T, rf), a |=p p iff (T, d), (t[1] \=s ip\ 

• {T,d),a \=p iff (r,d),a[2,(X)] \=p 4>; 

• {T,d),a \=p (/)iU(/)2 iff there exists i gN such that {T,d),a[i, 00] \=p (p2 
and for any j < i, (T, d),a[j, 00] \=p 0i; 

• {T,d),a \=p -Kp (or (j>i A(j)2) can be defined similarly to 1=^. 

For convenience, the subscripts of 1=,, and \=p will be omitted in this paper. 
In the following, two rank functions are introduced as usual. 

Definition 8 Let e G Mq , P a finite set of propositions and let i7 be a set of 
agents. The rank function (^p) mapping ATL^ state formulas (path formulas, 
respectively) to natural numbers is defined as: 
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(1) for any p e P, = 1 and ^((e)^) = 1; 

(2) u^^) = Uv) + ^; 

(3) U{{Ag))4')=CpW + i; 

(4) S^sifi A ip2) = max{^5(¥3i),^5(¥32)} + 1; 

(5) for any state formula ip, ^p{ip) — ^s{v) + 1; 

(6) iph^) = U<t>) + ^; 

(7) ep(X0) = + 1; 

(8) A </>2) = max{fp(0i),^p(</)2)} + 1; 

(9) fp(0iU02) = max{ep(<^i),ep(02)} + 1. 

This paper aims to establish a modal characterization of {Ag, e)-alternating 
approximate bisimilarity in terms of Ag-AThf,. However, as shown in Exam- 
ple[I] {Ag, e)-alternating approximate bisimilarity is not always an equivalence 
relation. Then it may not coincide with modal equivalence w.r.t any modal 
logic. In other words, the modal characterization of {Ag, e)-alternating approx- 
imate bisimilarity can not be provided in the usual style. 

To overcome this defect, two binary relations between formulas will be in- 
troduced, which will play the central roles in this paper. Before giving them 
formally, we explain the motivation behind these notions. Recall that two 
states are (A;/, e)-alternating approximate bisimilar if and only if they sat- 
isfy the forth and back conditions in Theorem [T] So, in order to establish 
the modal characterization of (Ag, e)-alternating approximate bisimilarity, we 
need to formalize these conditions in terms of ATL^ formulas. According to 
the semantics of ATL^, we have the following observation. 

For any e £ M.'^ , state qi of Ti and state q2 ofT2, qi ^Jj^ 92 implies that 
for each p G P, {Ti,d),qi \= p implies {T2,d),q2 ^ {e) p and vice verse. 

This simple observation gives us a hint about the logical characterization 
of £)-alternating approximate bisimilarity. That is, we may characterize 
it in terms of an appropriate binary relation H over ATL^ state formulae, 
and this characterization will possess the form "qi ^Jj^ q2 iff for any pair {(p, 
7) € H, {Ti,d),qi 1= Lp implies {T2,d),q2 \= 7, and vice versa". To provide 
such relation H , we introduce the notions below. 

Definition 9 Let P be a finite set of propositions, e S Q a set of agents 
and Ag C Q. The binary relation H^(P, fi) over Ag-ATL,. state formulas and 
the binary relation £^^(P, /2) over Afj-ATL^ path formulas are the smallest 
pair of relations satisfying the following conditions (i.e., for any pair of relations 
H and E over states formulas and path formulas, respectively, if they satisfy 
the following conditions then ^^^(P, C H and E%^{f, n) C E): 

(1) for any p€F, {p, {e)p) G H%{F, n); 

(2) if (p, 7) e H%g{F, n), then (-7, G ^^^(P, 12); 

(3) if (^,,70 G H%{F, n) for i = 1,2, then {p^ A (^2, 7i A 72) e H%^{F, H); 

(4) if (V, </)) G E%^{F, Q), then {{{Ag^, {{Ag))4>) G H%{F, Q); 

(5) if (^,7) e H%{F,n), then (^,7) G E%^{F,Q); 

(6) if (V, 4>) G E%^{F, n), then G E%g{F, Q); 

(7) if {iIh, 0,) G E%{F, Q) for i - 1, 2, then (V'l A V2, 4>i A ^2) e E%^{F, Q); 
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(8) if (V', 0) e E%{¥, 12), then (X^-, X0) G i;5g(P, I?); 

(9) if (tA,, 0») e i;5g(P, r2) for I = 1, 2, then (V'l ^2, <^iU02) e £^i,(P, 

For convenience, if P and Q are clear from the context, _ff^(P, i?) and 
i?^ (P, i7) are often abbreviated to H'^ and , respectively. The following 
result guarantees the existence of these two relations. 

Proposition 1 Let ¥ he a finite set of propositions, e G M^, Q a set of agents 
and Ag C fi. Then 

(i) Let I he an index set. If for each i ^ I, the binary relation Hi over Ag- 
ATL^ state formulas and the binary relation Ei over Ag-ATL^ path formulas 
satisfy the conditions in Definition\^ then so is {f]_^^jHi,f],-^jEi). 

(ii) The smallest pair of relations satisfying the conditions in Definition\^ 
exist. 

Proof Clearly, the pair of relations H and E satisfy the conditions in Defini- 
tion [31 where H = {(1^91,1^92) : Vi ^-^d (p2 are Ag- ATLg state formulas} and 
E = {(01, 02) : 01 and 02 are Ag- ATL,; path formulas}. So it follows from (i) 
that (ii) holds. We prove (i) below. 

Assume that for each i G I, the binary relation Hi over Ag-ATL^ state 
formulas and the binary relation Ei over Ag-ATL^ path formulas satisfy the 
conditions in Definition [SI It suffices to show that the pair (Hig/ Hzg/ ^i) 
satisfies the conditions (l)-(9) in Definition [HI We will provide two sample 
cases. 

(1) Let p G P. Then for each i G /, since Hi and Ei satisfy the conditions in 
Definition[ni it follows that {p, {e)p) G Hi. Thus we have (p, {e)p) G Hie/ Eli. 

(2) Let [if, 7) G Hie/ ^i- Then [ip, 7) G Hi for each i G /. So for each j G /, 
since Hi and Ei satisfy the conditions in Definition [HI we get (-17,-11^9) G Hi. 
Therefore, we obtain (-17,-11^9) G Hi. □ 

A few of useful properties of Hj^ and are listed below. 

Lemma 4 For any {(p,j) G Hj^ and {ip,(t)) G E^, the following hold: 

(a) if is in one of the following forms: p, ~'"fi, (fi A (p2 and {{Ag))'ip; 

(b) if and ^ can not he in the form of {e)p; 

(c) ifif^p, then 7 {e)p and fs((^) = ^^(7) = 1; 

(d) if ip ~ then there exists a state formula ipi such that (931,71) G 
^Ag, 7 = -"Pi and £_s{f) = 6(7) = 6(71) + 1/ 

(e) if if = Lp\ t\ip2, then there exist state formulas 71 and 72 such that 
((^,,7,) e H%g{i = 1,2),7 = 71A72 and^siip) = 6(7) = max{^,(7i), ^^(72)}+ 

1; 

(/) = ((^5))V'i7 then there exists a path formula 0i such that {ipi, 0i) G 
E%g, 7 = {{AgUi and Uip) = ^.(7) = ^^(V'l) + 1; 

{g) if the path formula ip is also a state formula, then is also a state 
formula, {ip, 0) G H%g and ^p(0) = ^p{ijj) = + 1; 

(h) if ip = -101, then there exists a path formula ipi such that (-01,01) G 
^Ag' = -'V'l and (p{(f>) = ^p(0) = ^p(0^i) + 1; 



A Modal Characterization of Alternating Approximate Bisimilarity 



11 



(i) if tjj = i^i /\ ip2, then there exist path formulas 4>i and (j)2 such that 
{ipt,(t)t) e E%^{i = 1,2), = 0iA(/)2 andip{4i) = £,p{'ip) = niax{^p(V'i), Cp(i/'2)}+ 

1; 

(i) */ "0 = ^^ij then there exists a path formula (j)i such that S 

(fc) if tj} — 'ipi\Jil)2, then there exist path formulas (pi and (j)2 such that 
€ E%j{i = 1,2), (j) = 0iU(/)2 and£,p{(j)) = ^^(-0) = niax{^p(?/'i), ^p(?A2)}+ 

1. 

Proof Straightforward. □ 

It follows from the above result that {p, {e)p) G Hj^ and (p, {e)p) G i?^ 
but neither {{e)p,p) G iJ^ nor {{e)p,p) G i^^. Thus neither nor 
is symmetric and then none of them is an equivalence relation. For e = 0, 
some internal relations between H^^ (or, E'^) and \=s {\=p, respectively) are 
revealed in the next lemma. 

Lemma 5 Let T = (5*, P, 12, 77, h) he an alternating transition system and let 
d he a metric over P. Then 

(1) for any q E S and {ip, 7) G 77^, (T, d),q ^ ip if and only if (T, d),q ^ 

7; 

(2) for any ct G 5" and {ijj, (f>) G Ej^, (T, d),a- ip if and only if (T, d),a ^ 

(3) for any Ag-ATLo state formula tpo, there exists {(p,j) G 77^ such that 
for any q€ S, {T,d),q\= ipo if and only if (T, d), q ^ ip; 

(4) for any Ag-ATLo path formula ijjQ, there exists {ip, (f>) G 7?^ such that 
for any a G 5"^, (T, d),a \= -00 */ and only if (T, d), a ^ ip- 

Proof Since d is a metric over P, for any G P, d{p,p') < if and only if 
p = p' . Further, by Definition [7] and LemmaUl it is easy to prove (1) and (2) by 
induction on the ranks of ip and ip- Next, we prove (3) and (4) simultaneously 
by induction on the ranks of (po and "00 • 

By Definition[51 it is clear that if (.si^Po) — and ^p{ipo) — then (3) and 
(4) hold. 

Suppose that £,3(^0) — £,p{ipo) = n + 1 and the items (3) and (4) hold for 
any Ag- ATI^q state formula ip and Ag-ATLiQ path formula with ^s(v') ^ 
and £,p{ip) < n. According to Definition [H pjQ is in one of the following forms: 
p, {0)p, -171, (pi A ip2 and {{Agjjip, and ipQ is hi^ the form of (/?, -i^i, V'l A 02, X?/' 
or 0^iU0^2- In the following, we just provide two sample cases. The proofs of 
other cases are similar. 

Suppose that pjQ ~ {0)p for some p G P. It follows from (1) and {p, {0)p) G 
77^ that for any g G S, {T,d),q \= ipo if and only if (T, d),q \^ p. We set 1^9 = p 
and 7 = {0)p. Clearly, (93,7) G 77^ and for any q G S, {T,d),q \= ipo if and 
only if {T,d),q h f- 

Suppose that ipo — {{Ag))^p. Then by Definition [8j we get £,p{tp) — n. 
Further, by induction hypothesis, there exists (-0', 0') G E^ such that for any 
cr G S"", iT,d),a h V' if and only if (r,d),cr ^ 0>'. We set ip = {{Ag))^' and 
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7 = {{Ag))(j>' . Then it follows from Definitfon IH] that {(fi,^) € Moreover, 
by Definition [71 it is clear that for any q € S, {T,d),q \= ipo if and only if 
iT,d),q^cp. ^ U 

Proposition 2 Let T = {S, P, i7, 77, h) be an alternating transition system, d 
a metric over P and e G ]R*]_. Then for any q ^ S , a ^ , (Vj7) ^ '"^'^ 
{il>T<j)) G ^A(' ^'^^ following conclusions hold: 

(1) if(T,d),q \= (fi then {T,d),q ^ 7; 

l"^; if {T, d), a^t/j then (T, d), a ^ (p. 

Proof We prove (1) and (2) simultaneously by induction on the ranks of ip and 

By Definition m if £,s{f) — and ^p{ip) = then the conclusions hold 
trivially. 

Suppose that ^s{(p) = Cp(V') = n + 1, ((^,7) e H%g, {tp,(t)) 6 E%g and 
the items (1) and (2) hold for any {ipo,jo) 6 77^ and (V'Oj^o) G -E-^ with 
Cs(</'o) 1^ a-nd ^pd'a) < tt.. By Definition[5J 93 is in one of the following forms: 
p, -171, (fii A (^2 and {{Agjjipi, and is in the form of (/?!, -i^i, V'l ^ V'2, XV'i or 
il)i\5^2- In the following, we just provide some sample cases. 

Case \ tp = p ioT some p G P. Then by Lemma HI we obtain 7 — (e)p. Let 
q S and (T, d), g ^ i^a. Then it follows from Definition [7] that 77(g) = p. Since 
c? is a metric, we have d{p,n{q)) — d{p,p) — < e. Thus by Definition [71 we 
get (r,d),g h 

Case 2 ip — {{Ag))'ipo. Let q & S and (T,d),q ^ (yS. Due to Lemma [H 
there exists a path formula (^0 such that (V'o,0o) G -^'a,, 7 = ((^5))0o and 
fslv?) = fs(7) = ^pii^o) + 1- By Definition [3 and (T, |= (p, there is a 
strategy Faq of such that (T, d), cr ^ for any cr G Out{q, Faq). Then by 
induction hypothesis, {T,d),a \= (j)o for any a G Out{q, Fj^). Therefore, by 
Definition [71 we have {T,d),q ^7. 

Case Sip = %pi\Ji)2- Let ct G 5" and {T,d),a |= It follows from Lemma[4] 
that for some path formulas 0i and 02, (V'ij'/'i) G 7?^ (i = 1,2), 4> = 4>i^4>2 
and ^piip) = £,p{(j)) = max{^p(V'i), Cp(V'2)} + 1. Since (T, d),cr \= ip, by Defini- 
tion [71 there exists i G N such that (T, d), cr[i, 00] |= ?/;2 and (T, d), cr[j, cxd] |= 
ipi for any j < i. Then by induction hypothesis, {T,d),a[i, 00] \= (j)2 and 
(T, (i), cr [j, 00] 1= 01 for any j < i. Therefore, by Definition [71 we obtain 
(r,d),ah0. □ 



4 Modal characterization of alternating approximate bisimilarity 

This section will establish a modal characterization of {Ag, e)-alternating ap- 
proximate bisimilarity in terms of relations 77^ and E'^ defined in the previ- 
ous section. Similar method has been adopted to provide the modal character- 
ization of A-bisimilarity |35| . In order to obtain such modal characterization, 
a number of auxiliary lemmas are needed. 

Firstly, we intend to demonstrate that for any alternating approximately 
bisimilar states qi (of Ti) and (72 (of T2), given a strategy of Ti, there exists a 



A Modal Characterization of Alternating Approximate Bisimilarity 



13 



strategy of T2 such that, under control of these strategies, each trace starting 
from q2 is approximately bisimilar to some trace starting from qi. To prove 
this conclusion, we need konig's lemma (see [19]), which says 

every infinite, finite branching tree has an infinite branch. 

Lemma 6 Let Ti — {Si, P, i7, 77^, hi) be two finite branching alternating tran- 
sition systems (i — 1,2). Suppose that d is a metric over P, £ G M*}_,, Ag C J7 
and Fjig : (^i)^ — 2^^ is a strategy of Ag. For any qi G Si and q2 £ S2 
with qi '^Jjg q2, there is a strategy : (>5'2)^ — )> 2'^^ such that for any 
(72 e Out{q2,F'j^), 0-1 r^^j^ 0-2 for some di G Out{qi,FAg) El- 

Proof Let qi ^ Si, q2 ^ S2 and qi ^Jj^ q2. To obtain the desired strategy 
F'j^ : (5*2)+ -> 2-^^ we define subsets Z\„ of (S'2)" and functions F„ : Z\„ ^' 
2^^{n e N) by induction on n as follows. 

We set Ai = {92}- Since is a strategy of Ag, we get FAg{qi) G 
hi{qi,Ag). Then by gi 92 and Theorem [U there exists Q2 G ^2(92,^3) 
such that for any G ?i2('72, ^ - ^5), (Qi n FA,(gi)) x (Q2 n Q2) (=r^% for 
some Qi G hi{qi,D — Ag). Note that such Q2 may not be unique. Choose and 
fix an arbitrary such Q2 and set Fi{q2) = Q2- Clearly, Fi is a function from 
Ai to 

Suppose that Ak and Fk have been defined. We define Ak+i and Ffe+i 
below. We set 

Ak+i = {5292 ■ ^2 e ^fe and q'2 G Fk{s2) n for some ^ h2{s2[end], Q - ^g)}- 

For any s'2 G ^fc+i, if there does not exist s'l G Out^^^{qi,FAg) such that 
si S2, then we set 7^^+1(53) = 'S'2; if there exists s\ G Out'''+^((7i, i^^ig) 
such that s\ S2, then by Theorem [TJ we have 



3Q2 e ?i2(s2[end], Ag)(VQ2 G ?i2(s2[eH> - ^5)3Qi e hi{s\\end\,n - Ag) 

((ginFA,(si))x(Q2ng'2)c^^)). 

We choose such a (32 and set 7^^+1(52) = Q2- Clearly, F^+i is a function 
from Z\fc+i to 2'^^. 

On the other hand, by Lemma [U there exists at least one strategy of Ag 
mapping (5*2)+ to 2'5^ Let F'j^ : (5*2)+ -J- 2'^'' be an arbitrary strategy of Ag. 
Define the function F^ : (6*2)+ -> 2'^2 as follows: for any s G (52)+, 

1 P'Ag{^) otherwise 

Next we want to show that the function F'j^^ is the desired strategy. It is 
enough to prove three claims below. 



CF\ (72 if and only if for any i 6 N, o"i[i] o"2[*]. Similarly, si S2 if and only 
if si[i] S2[i] for any i < max{|si|, |s2|}. 
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Claim 1 For any n e N, the following conclusions hold: 
(1„) Z\„ ^ 0; 

(2„) for any S2 £ Z\„, si ^"^g S2 for some si e Out"-{qi, FAg); 
(3„) for any S2 G Z\„, F„(s2) e ft2(s2[end], Ag). 
We proceed by induction on n. 

If n = 1, then (1„) and (2„) hold trivially. By the definition of Fi, we 
obtain i^i((?2) G h2{q2,Ag). Thus (3„) holds due to Z\i = {92}- 

Suppose that (1^), (2^) and (3fc) hold. We prove (Ifc+i), (2fc+i) and (3fc+i) 
in turn. 

(Ife+i) By induction hypothesis, we get Ak 7^ and Fk{s) G h2{s[end], Ag) 
for any s e Ak- Let S2 € Zifc and Q2 € /i2(s2[end], J7 — Ag). By Definition [1] 
-F'fe(s2) n is a- singleton set. That is, there exists (72 G <5'2 such that Fk{s2) Ci 
Q2 — {l-z}- Therefore, it follows from the definition of A^+i that 5292 ^ ^k+i- 
Thus Ak+i ^ 0. 

(2fc_|_i) Let S2 G By the construction of Ak+i, there exists S2 G Ak, 

Q2 G /i(s2[end], fl—Ag) and G ^/£(s2)nQ2 such that sj, = S2(72- By induction 
hypothesis, si '^Jj^ S2 for some si G Out'^ {qi , Fj^) . Then by the construction 
of Fk, there exists Q[ G hi{si[end], Q — Ag) such that 

(Q'l n X (Ffe(s2) n Q^) c^^ . 

According to Definition [U both Q'^ n F^(si) and Fk{s2) n Q2 a-^^ singleton 
sets. Thus there exists q[ G 5*1 such that Q[ n Fa,(si) = {q[} and '-^^ q!^- 
Then it follows that siq[ Sj- Moreover, by Lemma [51 we have siq[ G 

Out''~^^{qi,FAg), as desired. 

(3fc+i) Let s'2 G ^fe+i. It follows from {2k+i) that s'^ s'2 for some 
s'j G Oui*''+^(gi, i^A,). Then by the definition of Ffc+i, we get Ffc_|_i(s2) G 
h2{s'2[end],Ag). 

Claim 2 i^jj^ is a strategy of Ag and for any n G N, Z\„ = OuV^ {q2 , F'j^) . 

By Claim 1 and the definition of F^, Fj^{s2) G /i2(s2[enc?], Ag) for any 
S2 G (52)"'". Thus by Lemma [H F^ is a strategy of Ag. Next we prove that 
for any n G N, Z\„ = Out''iq2, F^). 

If n = 1 then An = {92} = Out"-{q2,F^) holds trivially. 

Suppose that n = A; + 1 and Ak = Out''{q2, F^). Then by the definition 
of ^A?' FAgi^2) = -Ffc(s2) for any S2 G Zi^. Further, since Ak = Out''{q2, F'j^), 
by the definition of Ak+i and Lemma [H it is easy to check that Ak+i — 
Out^+\q2.F'^). 

Claim 3 For any a2 G Out{q2, F^), there exists cti G Out{qi, FAg) such 
that CTi (72. 

Suppose that (T2 G Out{q2,F^). By Definition [3] and Claim 2, for any 
n G N, (T2[l,n] G Out^{q2, F^) = Z\„. In order to demonstrate the existence 
of the desired ai G Out{qi, Faq)^ we construct the tree 



< UneNi'"^" £ OuV'{qi,FAg) : s„ --a, cr2[l, -R, 91 > 
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as: 

(a) qi is the root; 

(6) for any s,s' G Unewi'*" ^ Ouf^iqi, FAg) : s„ '^Ag o'2[l,»^]}, sRs' if and 
only if |s'| = |s| + 1 and s'[l, |s|] = s. 

By Claim 1, for any n e N, it follows from (T2[l,n] G Z\„ that {s„ G 
Out"{qi,FAg) : s„ cr2[l,"-]} is non-empty. Thus such tree is infinite. On 
the other hand, since T2 is finite branching, it is easy to see that this tree is 
finite branching. Therefore, by Konig's lemma, there exists an infinite branch 
of this tree. Suppose that this branch is si(= gi), S2, ss, • • • . We define ai 
as (Ti[i] = Si[end] for each i G N. By the construction of this tree, we have 
(Ti G Out{qi,FAg) and cti r^%^ a2- □ 

Due to symmetry of the clauses (1-6) and (2-6) in the lemma below 
are redundant. However, to prove (1-a) and (2-a) by induction, we need to use 
induction hypothesis on (1-6) and (2-6), thus, they are also listed explicitly in 
the lemma. 

Lemma 7 Let Ti — {Si, P, f2, Ui, hi) be two finite branching alternating tran- 
sition systems (i — 1,2). Suppose that d is a metric over P, £ G and 
Ag C n. For any qi G Si, q2 G S2, (Ji G (5*1)" and G (52)'^, 

(1) ifqi r^%^ q2, then for any ((^,7) G H%^, 
(1-a) {Ti,d),qi \= f ^ {T2,d),q2 h 1, 
(1-b) (T2,d),g2 h^^m,rf),9i h7; 

(2) if ai r^^j^ (72, then for any (-0, 0) G E%^, 
(2-a) {Ti,d),ai h ^ ^ {T2,d),G2 h 0: 

(2-b) {T2, d), (72 h ^ (Tl,d), (71 h 

Proof We prove (1) and (2) simultaneously by induction on the ranks of ip and 
^. 

By Definition [51 Cs('p) > and $p(V') > for any state formula (p and path 
formula tp. So it is clear that if ^s(v) = ^ind ^^("0) = then (1) and (2) hold. 

Suppose that {(p,j) G H%g, (■0,0) G E%^, ^s(<p) = ^p{i>) = n-\-l and the 
conclusions (1) and (2) hold for any ((^o,7o) G and (0'Oj0o) G with 
^si^o) = £.p{ipo) < n. 

(1-a) By Lemma m if is in one of the following forms: p, ^71, (fi Aip2, and 
{{Ag))ipi. The argument is split into four cases based on the form of if. In the 
following, we just consider some sample cases. 

Case 1.1 95 = p for somep G P. Suppose that qi 52 and (Ti, d), qi (p. 
By Lemma m we have 7 = {e)p. Then, since (Ti, d),qi \= ip and qi 52, it 
follows from Definition [7] and Theorem[l]that IIi{qi) = p and d{p, i72((72)) < £■ 
Further, by Definition [71 we get {T2,d),q2 \= 7. 

Case 1.2 = ^70. Suppose that qi 52 and (ri,(i),(7i |= ip. By 

Lemma [31 there exists a state formula (/Jq such that ((y9o,7o) G 7 — ~"fo 
and ^s(v) = Cs(7) = Cs(7o) + 1- It follows from {Ti,d), qi \= (f and Definition[7] 
that (Ti,d),qi ^ 79. Further, by induction hypothesis on (1-6), we obtain 
{T2,d),q2 ^ (po. Therefore, {T2,d),q2 |= 7. 
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Case 1.3 ^ — llAg))^'- Suppose that qi ^Jj^ q2 and {Ti,d),qi |= (p. It fol- 
lows from Lemma m that there exists a path formula (p such that {■ip.,4>) G ^Ag^ 
7 - {{Ag))cf> and U^) = Ul) = Cp(V') + 1- Due to {Ti,d),qi h UgU and 
Definition [71 there is a strategy i^_/ig of Ag such that for any a G Out{qi, Faq), 
(Ti,c?),(T ^ ■)/). It follows from gi (72 and Lemma [5] that there exists a 
strategy : (S'2)+ -J> 2'52 g^ch that 

for any a' G Out{q2, F^), a cr' for some a G Out{qi, Faq). 

Then since {Ti,d),a \= ip for any (t G Out{qi,FAg), by induction hypothesis 
on (2-a), {T2,d),a' |= (/) for any ct' G Out{q2,F^). So we have {T2,d),q2 h 7- 

(2-a) By Lemma [4] again, ip is in the form of tpi, -^(f>i,ipi A ip2, '^ipi or 
■0iU-02- We distinguish five cases based on the form of ip and just consider 
some sample cases below. 

Case 2.1 ■0 is a state formula. Suppose that cri ^J^^ (T2 and (Ti, d), cti ^ i/'- 
By LemmaH (-0, 0) G i/^g and ^p(V') = ^^(0) = + 1- By Definition [3 we 
have (Ti, d), (Ti [1] ^ "01. So by induction hypothesis on (1-a), (T2, d), cr2[l] \= 4>- 
Further, it follows from Definition [7] that {T2,d),(j2 |= 0. 

Case 2.2 ip — 0iU02- Suppose that ci '^Jj^ (12 and {Ti,d),(7i |= 0. By 
Lemma [31 there exist path formulas 0i and 02 such that {tpi,(j)i) G = 
1,2), 0iU02 and ^p(0) = ,^p(0) = max{^p(V'i), ^p(V'2)} + 1- Due to 
(Ti, d), (Ti 1= i/'iUi/'2 and Definition [71 there exists z G N such that 

(Ti, d), o-i[i, 00] ^ -02 and for any j < i, (Ti , d) , cti [j, 00] \= -01- 

By induction hypothesis on (2-a), it follows that {T2, d), (72[i, 00] 02 and for 
any j < i, {T2, d), 02[i, 00] \= (pi - Then by Definition[71 we obtain {T2, d), 0-2 |= 

0. □ 

Lemma 8 Let Ti ~ [Si, P, i7, 77^, ft^) 6e two finite branching alternating tran- 
sition systems [i = 1,2). Suppose that d is a metric over P, £ G M']_ and 
Ag C n. For any qi G 5*1 and 92 G 5*2, qi ^Jjg 92 */ i/ie?/ satisfy the following 
two conditions: 

(1) for any {(p,j) G H%g, {Ti,d),qi \= (p ^ {T2,d),q2 |= 7, 
("^J for any {(f,j) G i?^, {T2,d),q2 \= (fi ^ {Ti,d),qi \= 7. 

Proof Set 

^ ^ 92) : 91 G S*! and 52 G S2 satisfy the above conditions (1) and (2)}. 

To complete the proof, it is enough to show that R is an {Ag, £)-alternating 
approximate bisimulation. Suppose that R is not. Since each pair in R satisfies 
the condition (1) in DefinitionlSl there exists (gi, 52) S R satisfying one of the 
following conditions: 

(i) 3Qi G hi{qi,Ag)yQ2 G ^12(92,^9)30^, G ^2(92, f2-Ag)yQ[ G ^11(91, f2- 
Ag){{Q,nQ[) X iQ2nQ'2)^R), 

(ii) 3Q2 G ;i2(92,Ag)Vgi G hi{qi,Ag)3Q[ G hi{qi, n-Ag)VQ'2 G ^2(92,/?- 
Ag)i{QinQ[) X iQ2nQ'2)gR). 

W.l.o.g, suppose that (i) holds. It follows from (i) and Definition [1] that for 
any Q2 G ^2(92, Ag), there exists Q'2 G ^2(92, ■f? — ^5) and 92 G Q2 such that 
{92} = Q2 n and for any Q[ G ^(91, J7 — Ag), 
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Wi} — Qi^] Q'l and ((7^,(72) ^ ^ for unique q[. 

Hence, for each Q2 G fi.2 (<Z2 , Ag) and Q'j^ G fti (gi , i? — Ag) , we can fix a pair 
of states qq^ e (32 and qg'^ G Qi satisfying the above conditions. Then for any 
Q2 G ^12(92,^5) and G hi{qi,f2 — Ag), it follows from (gg'^j^Qa) ^ ^ that 
there exists {ip, 7) e such that 

(a) {Ti,d),qQ>^ [= but (T2,d),(?Q, ^ "'7, or 
(b)(r2,d),(jQ, h= 'y' but {Ti,d),qQ'^ ^ ^7. 

If (a) holds, then {T2,d),qQ2 \= ^-f but {Ti,d),qQ'^ \= ^^ip. Moreover, 
by Definition ini we get (-17, -k/j) G H^. Thus for any Q2 S ^-2(92,^5) and 
Qi e - Ag), there exists (<^q;,Q2,7q;,Q2) S iJ^? such that 

(?2,d),qQ2 h 'y='Q'i,Q2 but {Ti,d),qQ,^ |= -'7Qi,Q2- (1) 

So, for any € h2{q2, Ag), it follows that 

{T2,d),qQ> 1= M Q^eh2{q2,Ag} l\Q',eht{qt.n~Ag) "PQ^-qB- 

By Lemma[Tl for any strategy Fj^ : (52)^ — 2'^% we have F'j^{q2) £ ^2(92, ^ff) 
and then it follows from Definition [3] that for some (T2 £ Out{q2, F^), 

^2[2] = ^F^^^fe) and (T2,d),a2[2] h Vg^eR^fe.Ag) AQ[eh,iq^,n^Ag) ^Q[,Q2- 
Further, by Definition [71 we obtain 

{T2,d),q2 h ^{{^9))^^\/ Q2eh2{q2,Ag) /\Q[eh^{q^M-Ag) fQ[,Q2- 

Moreover, it follows from Definition [9] that (93*, 7*) g H^, where 
p* = -'((^g)>-X Vg^erisfe.Ag) f\Q'^ern(qun-Ag) 'PQ[,Q2 

and 

7* = -^{iAg))^^\/ Q^eri2iq2.Ag) AQ[eh^{q^.^-Ag)^Q[,Q2■ 

Hence, due to {T2,d),q2 ^ p>* and (91,(72) G we get 

(ri,d),gi h7*- (2) 

On the other hand, by Definition [51 it is clear that FAg{qi) = Qi £ 
hi{qi,Ag) for some strategy : (S'l)''' — >■ 2'^i. Then by ©, there exists 
(7i G Out{qi, Fj^) such that 

(Ti , d) , 0-1 [2] h e/i2 (92 ,^3) Aq; {qi,n~Ag) lQ[ .Q2 ■ 

By Definition^ {ai[2]} = QinQ'/ for some Q'l G ^1(91, r2 - Ag). Clearly, 
(7i[2] = qg;'. Then {Ti,d),qQ>> h Ag;efi.i(,i,r2-As)7Qi,Q^ for some G 
^2(92,^5)- Thus we have (Ti , d) , qg'^' |= 7Q'/,g', which contradicts (jlj. □ 

^ Vigj and Aigi f^an be defined as usual, where 7 is a finite index set. 



18 



Jinjin Zhang, Zhaohui Zhu 



Now, we arrive at the main result of this section, which offers a logical 
characterization of alternating approximate bisimilariy. 

Theorem 2 Let Ti = {Si,F, f2, Ui^hi) be two finite branching alternating 
transition systems (i = 1,2). Suppose that d is a metric over P, e 6 M*]. 
and Ag C [2. For any qi G 5*1 and q2 G S2, qi 92 */ and only if they 

satisfy the following conditions: 

(1) for any {(p,j) G H%g, {Ti,d),qi \= (fi ^ {T2,d),q2 h 1, 

(2) for any {ip,'y) G H%g, {T2,d),q2 \= (f ^ {Ti,d),qi |= 7. 

Proof Immediately follows from Lemma [7] and El □ 

For £ = 0, by the clause (1) in Lemma El (Ag, £)-alternating approximate 
bisimilarity is an equivalence relation. In this case, the above result degenerates 
into one in the usual style. 

Corollary 1 Let Ti = (Si,V, [2, Ili, hi) be two finite branching alternating 
transition systems {i ~ 1,2). Suppose that d is a metric over P and Ag C [2. 
For any qi G and q2 G S2, qi ^^ig 92 if o,nd only if for any Ag-ATLQ state 
formula ip, 

{Ti,d),qi h <^ ^ {T2,d),q2 \= (p. 
Proof Suppose that qi G Si and q2 E 82- Then we have 

iff for any {(p, 7) G Hj^, (Ti, d), qi \= f ^ {T2, d), q2 \= 7, and vice verse 
(by Theorem [2]) 

iff for any (ip, 7) G H^, {Ti,d),qi |= '^^ ^ (^2, d), 92 h and vice verse 

(by (1) in Lemma [5]) 
iff for any {ip, 7) G ff^, (Ti, d), qi ^ ip ^ iT2, d), q2 ^ ip 
iff for any Ag-ATL^ state formula ip, (Ti, rf), (?i |= (T2, d), 92 \= P- 

(by (3) in Lemma [5]) □ 

As mentioned in Section [21 a logical characterization of alternating bisimi- 
larity in terms of ATL has been provided in [3]. In the following, we show that 
this characterization can be obtained from the above result immediately. The 
syntax and semantic of ATL is similar to ATL^ and the only difference between 
them is that ATL does not refer to the modal operator (e) and metric over 
observations. Here we do not recall ATL formally, which can be found in [2] [3]. 
Since the semantics of ATL has nothing to do with metric over observations, 
we use T,q \= ip to denote that the state g of T satisfies ATL formula ip. 

Corollary 2 Let Ti — (Si,¥, f2, Lli, hi) be two finite branching alternating 
transition systems (i — 1,2) and Ag C {2. For any qi G 5*1 and q2 G 5*2, 
9i '^A/ 92 if o-nd only if for any Ag-ATL state formula ip, 

Ti,qi h <^ ^ ^2,92 h 

Proof It is not difficult to see that two states are logical equivalent w.r.t Ag- 
ATLq state formulas if and only if so are they w.r.t Ag-ATL state formulas. 
Thus by the clause (1) in LemmaEland Corollary[Tl the conclusion holds. □ 
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5 Application of modal characterization: temporal logical control 

For control systems with disturbances, Pola and Tabuada adopt infinite alter- 
nating transition systems to model their sampling systems and construct fi- 
nite alternating transition systems as their finite abstractions [3S] [35] . In these 
work, alternating approximate bisimilarity is introduced to capture the equiva- 
lence between these sampling systems and finite abstractions. Based on results 
obtained in the previous section, we will establish a relationship between linear 
temporal logical specifications which are satisfied by these sampling systems 
under control and by the corresponding finite abstractions under control, re- 
spectively. Moreover, we give a potential application of this result in the linear 
temporal logical control of control systems with disturbances. 

5.1 Control systems and its finite abstractions 

This subsection recalls some notions and results about control systems with 
disturbances and their finite abstractions provided by [15][21]. Before doing 
so, we introduce some useful notations. 

Given a vector x S K", we denote by xi the z-th element of x and ||a;|| = 
max{|a;i|, |a;2|, • • • ,|2;„|} where \xi\ is the absolute value of Xi. The set X C 
K" is said to be bounded if and only if sup{||a;|| : x S X} < oo. For any 
measurable function / : K° K, ||/||oo — sup{||/(i)||, t > 0} and / is said 
to be essentially bounded if ||/||oo < oo. For a given time t e M+, define fr 
so that frit) = f{t) for any t € [0,t), and /(t) = elsewhere; / is said to 
be locally essentially bounded if for any r e IR.+ , /t is essentially bounded. In 
this section, we consider the metric d on M" defined as d{x,y) = max{|a;i — 

yi\, \x2 - y2\, ■■■\xn- yn\}- 

Definition 10 [25] [26] A control system with disturbances is a quadruple 

5 = {X,W,WJ), where 

• AC R" is the state space; 

» W = U xV is the input space, where 
U C M™ is the control input space; 
C is the disturbance input space; 

• yy is a subset of the set of all measurable and locally essentially bounded 
functions of time from intervals of the form ]a, b[C M. to W with a < and 

6 > 0; 

• f : X X W X is a, continuous map satisfying the following Lipschitz 
assumption: for every compact set A C A, there exists a constant k > such 
that 

||/(a;,w) - f{y,w)\\ < k\\x - y\\ 

for all x,y ^ K and all w G W. 

A locally absolutely continuous curve x :]a, 6[— > A is said to be a trajectory 
if there exists w S W satisfying x(t) = /(x(t), w(i)) for almost all t s]a, b[. 

A control system is said to be forward complete if and only if every trajec- 
tory is defined on an interval of the form ]a, oo[. 
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Convention. As in \25 f \26 Tj . we assume that X , X C M" is a bounded 
polytopic sets with non-empty interior, and the control system S is forward 
complete . 

For such systems, Pola and Tabuada adopt a variety of alternating transi- 
tion systems as models of their sampling systems and finite abstractions [25] [26] . 

Definition 11 An alternating transition system is a tuple T = {S,A,B, — > 
, P, 77) consisting of a set of states S, a set of control labels A, a set of distur- 
bance labels B, a transition relation ^-C S x Ax B x S, an observation set P 
and an observation function U : S ^F. 

We say that an alternating transition system T is metric if the observation 

set P is equipped with a metric, T is non-blocking if {q' : q q'} ^ for any 
g G Q, a G ^ and h ^ B, and T is finite if S", ^ and B are finite. An infinite 
sequence cr G 5"^ is said to be a trajectory of T if and only if for all i G N, 

(j[i] ""'''> (j[i + 1] for some ai G A and bi G B. 

We may view the above alternating transition system as a variant of one 
defined in Definition [TJ The differences between them lie in: the above notion 
involves only two agents which choose successor states by means of choosing 
inputs, moreover, successor states of a given state may not be determined even 
if these two agents make choices. In this section, following Pola and Tabuada, 
the notion "alternating transition system" refers to the one defined above. 
Similar to Definition [5] and [31 the strategy and the corresponding outcomes of 
these systems are defined below. 

Definition 12 A control strategy for an alternating transition system T — 
{S,A,B, — ^,P,77) is a function F : S+ ^ 2^ ~ {0}. For any q e S, the 
outcomes Outlj^{q,F) {n G N) and OutT{q, F) of F from q are defined as 
follows: 

Ouf^iq, F) = {s G S"" :s[l] = q and 

yi<i< n3ai G F(s[l, i])3b, G B{s[i\ s[i + 1])}, 

Outriq, F) = {cr e S"" :cr[l] = q and 

Vi G G F{a[l,i])3b, G B{(j[i\ cr[i + l])}. 

The notion of alternating approximate bisimilarity provided by Pola and 
Tabuada is recalled below. It is not difficult to see that such notion and one 
in Definition [5] are the same in spirit. 

Definition 13 [15] Let Ti = {Si, A,, B„ ^i,P, Hi) {i = 1,2) be two met- 
ric, non-blocking alternating transition systems and let d be a metric over P. 
Given a precision e G M+, a relation R C Si x S2 is said to be an alternat- 
ing e-approximate (AeA) bisimulation relation between Ti and T2 if for any 
(91,92) G R, 

(i) d(7Ti(gi),iT2fe)) <£; 
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(ii) Vai G Ai3a2 £ A2V62 e SsVg^ G 52(<Z2 9^ 3&i e SiBg^ e Si 
{qi and {q[,q'2) e -R))- 

(iii) Va2 e A23ai e AiVfei G BiVgi £ S'i(gi ^ 362 £ S23q^ G 52 

(92 ^^^2 92 and ((?1,(?2) e i?))- 

For any qi G 5*1 and 92 G 52, they are said to be AeA bisimilar, in symbols 
<?! 92, if there exists an AeA bisimulation relation R between Ti and T2 
such that (51,92) G i?. Moreover, Ti and T2 are said to be AeA bisimilar, 
in symbols Ti T2, if there exists an AeA bisimulation relation R between 
Ti and T2 such that Si — {qi G Si : (91,92) G R for some (72 G ^2} and 
52 = {92 € 52 : (91, 92) G -R for some gi G 5i}. 

For control systems with disturbances, Pola and Tabuada construct infinite 
and finite non-blocking alternating transition systems as their samples and 
finite abstractions, respectively. The detailed construction is referred to [Mj . 
Moreover, they demonstrate that under some assumption, the sample Tr{S) 
and finite abstraction are alternating approximate bisimilar. 

Theorem 3 fl^/ Given a control system S ^ {X,U xV, W, /), if S is 5- 
GAS and U xV is compact, then for any desired precision e G K+, there exist 
T G M+ and a finite abstraction T of S that is AeA bisimilar to the sampling 
system Tr{S) of zQ. 

For convenience, we set T^^r{^) ^ {T : T is a finite abstraction of U that 
is AeA bisimilar to the sampling system Tr{U)}. 

5.2 Logical specifications satisfied by samples and abstractions 

In recent years, temporal logic, due to its resemblance to natural language and 
the existence of algorithms for model checking, is widely adopted to describe 
the desired specifications of control systems. For example, linear temporal 
logic (LTL) is used to express specifications of discrete-time linear systems [8] 
and continuous-time linear systems [7]. On the other hand, as mentioned in 
Introduction, finite abstractions of control systems often are adopted to the 
analysis and design of control systems. Then a natural question arises at this 
point: what is the relationship between linear temporal logical specifications 
which are satisfied under control by sampling systems and by the correspond- 
ing finite abstractions respectively? This subsection intends to consider such 
question. To this end, we introduce linear temporal logic LTL^ as follows. 

Definition 14 Let P be a finite set of propositions and e G M+. LTL'^(P) 
formulas are defined inductively as: 

(/) ::— p\{e)p\<j)i V 02|</'i A 02|X0|0iU02, where p G P. 

For any LTL;!|_(P) formula 0, if (e) does not occur in 0, then </) is said to 
be a LTL+(P) formula. 



* The definition of (5-GAS can be found in |26| . 
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As usual, if P is clear from the context, we abbreviate LTL^(P) (LTL+(P)) 
to LTL^ (LTL+, respectively). 

Definition 15 Let T = (5, A, i?, — >, P, 77) be an alternating transition sys- 
tem, e € IR.+ and let d be a metric over P. The satisfaction relation |=C 
5" X LTL%{f) is inductively defined as: 

. (r,d),ahpiffi7(a[l])=p; 

.(r,d),ah(e)p ifrd(p,77(a[l])) <e; 

• (T, d), h 01 V </)2 iff (T, d), h 01 or (T, d), a h 02; 

• (T, d), (T ^ 01 A 02 iff (T, d), (T h 01 a-nd (T, d), cr |= 02; 

• (T, d), o- h X0 iff (T, d), cr[2, oo] \= 0; 

• {T,d),a \^ 0iU02 iff there exists j G N such that {T, d), a[j, oo] \= 02 
and for any i < j, (T, d), iT[i, cxd] \= (f>i. 

Obviously, LTLf^ can be viewed as a sublanguage of ATL^. In particular, 
by the above definitions and Definition [5] and [3 each LTL^ formula can be 
seen as a path formula of ATL^. 

Inspired by Definition [3J we introduce a transformation function below. 

Definition 16 Let P be a set of propositions and e S M+. The transforma- 
tion Tr^ mapping LTL+ formulas to LTL^ formulas is inductively defined as 
follows: 

• Trs{p) = {e)p for any p e P; 

• rr,(0i V 02) = rr,(0i) V rr,(02); 

• rr,(0i A 02) = rr,(0i) A rr,(02); 

• rr,(X0) = Xrre(0); 

• Tr,(0iU02) = Tr,(0i)Urra02). 

Clearly, the graph of such transformation is a subrelation of 7?^ (see Def- 
inition [5]), that is 

Proposition 3 For any LTL+ formula (j), {4),Tr^{4))) £ Ej^. 

Proof Follows from Definition |9] and [161 n 

Then, by Proposition [21 for each pair of formulas and Tr^{(j>), if a state 
sequence satisfies then it satisfies Trg{4>). But the converse of this result fails 
in general. So, given and Tri^^cj)), when considering them as specifications, 
we may view Tre(0) as a looser version of specification 0. 

Similar to Lemma[7l we may prove the following result. It should be pointed 
out that although there exist some differences between notions involved in 
Lemma[71and Proposition^ (see Definition IT] and [TTl Definition [5] and [T5)) . the 
latter may be proved analogously to the former. 

Proposition 4 Let Ti = {Si, Ai, Bi, ^i,¥, Ui) be an infinite, non-blocking 
alternating transition system and T2 = (S'2, A2, B2, -^2, P, ^2) be a finite, non- 
blocking alternating transition system. Suppose that d is a metric over P and 
e € M+. For any qi G Si and (72 € 'S'2 with qi q2 and for any LTL^ formula 
0, if there exists a strategy F : 5*+ 2^^ of T2 such that {T2,d),a \= for 
any a G Out(q2, F), then so does Ti for Trs{(f). 
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Immediately, we have 

Corollary 3 Lei S = {X, U xV, W, /) be a 5 -GAS control system with com- 
pact input space U x V and e G M+. Then there exists r £ M_|_ and a finite 
abstraction Tf G T^^t{^) that is As A bisimilar to the sampling system Tt-{S), 
and for any T G Tg^T-i^) o-nd LTL^ formula (f>, if there exists a state q and a 
strategy F of T such that (T,d),a ^ (j) for any a G Out{q,F), then so does 
Tr{S) for Tr,{cP). 

Proof Follows from Proposition U and Theorem [31 □ 

Due to the above result, for a control system with disturbances satisfying 
the conditions mentioned in Corollary |3l given a LTL+ formula as a specifi- 
cation, if its finite abstraction and its sampling system are AeA bisimilar and 
the former satisfies specification ip under control, then so does the latter for a 
looser specification Tr^{(l)). 

5.3 Linear temporal logical control 

Recently, finite abstraction and the notion of bisimilarity have attracted some 
people's notice in the area of analysis and design of control systems [1] [12] [H] [3D] 
In general, control systems and their finite abstractions share properties of in- 
terest if they are bisimilar. In particular, according to modal characterization 
of bisimilarity, they satisfy same temporal logical properties. Moreover, the 
analysis and design of finite abstractions is simpler than that of control sys- 
tems. Thus the analysis and design of control systems can be equivalently 
performed on the corresponding finite abstractions. 

As an example, Fig[T]ilhistrates the function of finite abstraction and bisim- 
ilarity in the formal design of linear discrete system jSOj . Given a linear discrete 
system 17, Tabuada and Pappas provide an infinite transition system as 
the formal model of S and construct a finite transition system as the finite 
abstraction of S. They prove the following result which lays the foundation of 
the design method of controllers presented in [3^ . 
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Ts and are bisimilar and then share the same properties described by 
linear temporal logic. (*) 

Thus, given an LTL specification (po, the formal design of Tj; can be equiva- 
lently performed on the finite abstraction . Tabuada and Pappas construct 
a controller Tc of enforcing tpo and demonstrate that Tj; satisfies (po un- 
der this controller as well. Furthermore, based on this controller, a close-loop 
system H satisfying ipQ is generated. Similar methods are also adopted in 

[12 ED [29]. 

It is worth to be pointed out that the work [4] [l2] [29] [30| consider only 
the non-disturbance control systems. We intend to generalize these methods 
to the disturbance case. Similar to the conclusion (*) above, as illustrated by 
Fig [21, Corollary E] in this paper combining with the work in [55] provides 
analogous results for linear temporal logical control of control systems with 
disturbances. In detail, Pola and Tabuada construct finite abstractions of con- 
trol systems that are AeA bisimilar to the samples of control systems [26], 
while we demonstrate that if finite abstraction satisfies a specification (f> un- 
der control then so does the samples for a looser specification Tr^{(t)) (see 
Corollary These results inspire us to provide an approach for the design 
of control system as shown in Fig[2J first, construct finite abstraction that is 
As A bisimilar to the sample of control system; second, find a strategy of finite 
abstraction enforcing the given LTL+ specification (f>; and finally, construct 
controller for control systems based on this strategy so that sampling system 
satisfies the transformed specification Tr^{ip) [^. The first step has been com- 
pleted by Pola and Tabuada [26 . For the second step, an algorithm has been 
offered to find strategies of alternating transition systems enforcing linear tem- 
poral logical specifications [20] and this algorithm can be adopted to obtain 
the desired strategies for finite abstractions. So there is only one question left 
to answer: how to construct the desired controller for control system based on 
the strategy of finite abstraction. Our future work will focus on this issue. 

^ In this figure, ATS is the abbreviation of alternating transition system. 

^ Since we often just can observe the sampling systems rather than control systems with 
disturbances, it may be reasonable to require that the samples satisfy specifications under 
such controllers. 
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6 Conclusion 

This paper provides a modal characterization of ahernating approximate bisim- 
ilarity. Since alternating approximate bisimilarity is not always an equivalence 
relation, its modal characterization can not be provided in the usual style. 
This paper introduces two relations over temporal logic ATL^ and adopt these 
relations to establish the desired modal characterization of alternating ap- 
proximate bisimilarity in a new style (see Theorem [5]). This result reveals a 
relationship between the approximate equivalence among alternating transi- 
tion systems and the temporal logical properties satisfied by these systems. 

Pola and Tabuada adopt alternating transition systems to model the sam- 
ples of control systems with disturbances and their finite abstractions, and 
introduce the notion of alternating approximate bisimilarity to capture the 
equivalence between these systems [IS] [35]. Based on the modal character- 
ization of alternating approximate bisimilarity obtained in this paper, we 
provide the transformation function Tr^ from LTL_|_-specifications to LTLf|_- 
specifications. Moreover, we show that, given a control system with distur- 
bances, whose sampling system and finite abstraction are alternating approx- 
imate bisimilar, if the later realizes LTL_(_-specification (p under control, then 
the former satisfies the corresponding LTL^-specification Trg{(j)) under con- 
trol. As illustrated in Fig[21 this result may be useful in designing the controller 
for control systems with disturbances. Future work will be devoted to perfect- 
ing the approach shown in Fig [2] 
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